This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

Comment

If springSecurityFilterChain is commented out, then it means Spring Security is not processing the URLs. This is demonstrated by the logs which states that the DispatcherServlet is trying to process /j_spring_security_check. If Spring Security is processing the URL, it would never get to the DispatcherServlet. In short, this message appears to be coming from Spring MVC's Dispatcher Servlet which is not set up to process /j_spring_security_check as a POST. You will need to uncomment springSecurityFilterChain before Spring Security will process the URL.

Comment

The DelegatingFilterProxy is only aware of the parent application context (i.e. what is loaded by the ContextLoaderListener). This means the security configuration needs to be specified in the contextConfigLocation (which is currently empty). The DispatcherServlet loads a child ApplicationContext which is private to the SpringMVC configuration (i.e. DelegatingFIlterProxy will not be able to find it).